A customer may create an Intranet by interconnecting its Local Area Networks (LANs) over a service provider's network. For example, a customer may have multiple LANs located in multiple geographical areas and may wish to enable users in the various locations to communicate seamlessly. The customer may then subscribe to a Virtual Private Network (VPN) service from its service provider to interconnect the multiple locations, thereby building an Intranet network over the service provider's Internet Protocol (IP) network.
The customer may implement security at gateways to public networks to protect the VPN from malicious activities originating outside of the customer's Intranet network. For example, the customer may implement security at Customer Edge Routers (CERs) to prevent attacks originating in the IP network from reaching its various LANs. However, malicious activity may also originate within the Intranet network. For example, disgruntled employees, compromised users, etc. may attack servers or may access unauthorized information. In another example, a customer endpoint device, such as a mobile device, may traverse both the Intranet and the Internet and may unintentionally create an easy point of access for malicious code.